I am lost, confused.. begging for your help experts.."Security job position"

FiR3x

docrice wrote: »

For the position I'm in, I wouldn't say it's 95% paperwork. That's a pretty extreme percentage. But there is still a considerable amount of documentation involved. Most of my work is hands-on in terms of deployment, troubleshooting, investigating, analysis, evaluations, etc.. A good chunk of my time is spent aggregating information into a event tracking system or emailing or diagraming. Part of the overall fun. I think far too many people who are outside of infosec looking in sees a much glossier picture than it really is. I've worked for technology companies for almost all of my career and in general it turns out to be more mundane when you get on the inside.

It's like being in a nightclub with all the colorful lights moving about and seeing someone of the opposite gender who's really attractive across the room. Then when you get up close or walk outside with her ... reality hits.

Well, maybe it's not necessarily that dramatic. You just need to understand that practically any security position is going to require a lot of "tedious" work in some aspects. It's not all keyboard time.

Impressive certifications list, its a little sad that pentetration testing is "boring" after all those massive amount of knowledge gained, and the hard work done.

YuckTheFankees

Just keep in mind, it may be boring to you but there are a lot of people who love the technical aspect along with all the paperwork as well.

the_Grinch

As docrice said, it's not all paperwork, but it is a big part of it. If your doing audits or compliance, it is almost all paperwork. Pentesting, there will be a report at the end (and save to say you are documenting as you go along). Forensics, not really sure, but I assume there is paperwork (YuckTheFankees can shed some more light on this). My point was to go along with others and know that it isn't all sexy.

doc "It's like being in a nightclub with all the colorful lights moving about and seeing someone of the opposite gender who's really attractive across the room. Then when you get up close or walk outside with her ... reality hits." that's why you keep a fully stocked bar at home

JDMurray

Also consider electronic "paperwork-like work," such as reading/writing spreadsheets, documents, searching/referencing databases, logs files, Web sites, and information storage systems, etc. Oh, and tons and tons of email. Lets say it's 95% ePaperwork.

kalkan999

What this industry is going to need sooner rather than later is someone to draft NEW paperwork that the rest of us are going to use in response to how we will: Defeat Flame and malware similar to it, and document that it was done, and how it was done.

the_Grinch

Just don't forget the coversheet on your TPS reports

paul78

FiR3x wrote: »

Are you referring to all the security teams in all different kinds of companies at all geographical areas?

Not really, just my experience and personal observation. I work in financial services industry for a technology provider. My comment is just one data point in a sea of other postings. TE like other internet forums have people from all industries and parts of the world. This particular community happens to have folks with varied experiences and some with decades of technology experience who are willing to share their experiences so others can benefit.

But to your original question about how to enter infosec - as you pointed out - there are lots of ways as infosec is broad. I would say go with whatever you find appealing. The infrastructure side (you mentioned Cisco and Linux) isn't the only place to start - my opinion is that with the current state of most organizations that need good security - it's application security where the industry lacks good practitioners. I would like to see more people enter infosec from a software development perspective. Ideally those trained with computer science and software engineering disciplines. The biggest attack surface at most organizations is typically not their network or server OS's - it's their applications.

@afcyung - oh yeah - you just reminded me that auditors and assurance teams are even more unpopular.

doobies

paul78 wrote: »

It's interesting to me that so many people find Infosec glamorous. My experience has been that infosec teams are not generally very popular within a company. Infosec teams can be seen as a hurdle (if not marketed correctly) to business. And other employees place infosec in the same category as the legal department and HR.

my exp has been they are lazy... and don't do their frigging jobs... or they have been neutured and have policies they can't or are scared to enforce. some truly have a passion for it.. others collect paychecks. Your definitely not popular as you are the police in your company.. goes with the role. And people don't wanna hear about security holes when they are trying to buy that newest latest and greatest technology,widget thingy for the company.

paul78

doobies wrote: »

my exp has been they are lazy... and don't do their frigging jobs...

Sorry to hear that you have had such unfortunate experience in the workplace. I have only ever worked in the US northeast for financial service technology organizations. Perhaps I'm just lucky but every organization that I've ever worked in - everyone is extremely diligent and really do their best to move the business forward - regardless of whether they are the custodial staff or the CEO. Maybe it's the competitive nature of the tech finance industry in the northeast - lazy and incompetent employees typically do not rise above their level of effort.

doobies

paul78 wrote: »

Sorry to hear that you have had such unfortunate experience in the workplace. I have only ever worked in the US northeast for financial service technology organizations. Perhaps I'm just lucky but every organization that I've ever worked in - everyone is extremely diligent and really do their best to move the business forward - regardless of whether they are the custodial staff or the CEO. Maybe it's the competitive nature of the tech finance industry in the northeast - lazy and incompetent employees typically do not rise above their level of effort.

probably right... im not exactly privsector so rules are different... stakes are different. I think people in priv sector (and correct me if im wrong) are much more protective over their jobs being that we are still in a recession. more to lose... with 100+ applicants waiting for your to fail.

were I am... we have the 100+ applicants... but without certain keys.. they won't fit the bill. Some people are comfy b/c of that thought...

recently tho.. i can say as a result of my vuln scans there has been some turnover in some sections as there is no excuse for not patching... lulz.

and i agree with a lot of others on here.... ITS A LOT OF PAPERWORK... whether it be upfront or in arcsight.. or rememdy or some ticketing system.. there is allways a paper trail....

doobies

FiR3x wrote: »

"

Now how on earth am I gonna end up in a security position? is Cisco and Linux related to each other in a real job? Does CCNA and LPI help together to achieve something? even If I mastered Cisco and Linux from the security side? plus, after getting CCNA and LPI, I dont really know what to cert to go for next? The most time I enjoy is when I set a pen testing lab at my place and spend the whole day looking at how those packets loop trying to exploit the network and the system. What do you suggest for me? After graduating I will end up with my electronics and computer degree + CCNA + cPPT + LPI, will go for a network job related to linux maybe? but that can't happen I guess since I will be only working with the help of my CCNA cer for networking jobs, which will result on working with Cisco systems only and not linux, but I guess after that I could move into network security? I know my thread is messy & sorry for that, I have been reading about certs and jobs for months now, I really need advice and would be very thankfull.

Thanks all

and my bad... constructive feedback:

From yourback ground.. if you get a ccna related or networking related job (your strengths)... you might.. .and will probably end up performing IDS/IPS... specially if your good with linux. As pcap.. and linus go hand in hand.

Protip:.. network engineering isn't that far from security. Most IR /IDS groups rely on the networking guys for evidence. So don't be suprised if you get hired as an engineer and end up using the same tools....

with that said... find a crappy overnight/weekend shift at your local SOC, NOSC if you wanna skip some steps.

beads

A couple of quick thoughts here on security versus networking or development positions.

Most networking positions face less paperwork for the most part. Generally more "hands-on" so to say. Security on the other hand and trending higher will involve much in the way of documentation, reports, recommendations, policy, procedures, standards and guidelines. Lets not forget oral presentations to senior level types as well.

Security also relies (*gasp!*) heavily on business skills than the more traditional development and networking fields then most people think. Then again, most security people don't speak business well enough to influence "business types" successfully over time to always be considered valuable to the organization.

Most seasoned veterans will agree with the following statement as well: Security is best done after you master one of the three pillars of IT. Those pillars being development, infrastructure or DBA. It takes time to learn the business side of things well enough to see the larger picture at hand. Otherwise you become just another hammer looking for a nail to hit. In truth that is why its so difficult to break into this field in the first place. Chicken before the egg quandary all over again. It was the same for IT in general back in the 1980s and early 1990s till Y2K reared its ugly head and anyone who turn a computer on was hired as an "expert".

I love this field sometimes, really do! LOL.

- beads

JDMurray

beads wrote: »

Most networking positions face less paperwork for the most part.

Try working in a NETOPS environment with full configuration management in place. The paper tickets may have been replaced with ePaper tickets, but it's still endless, mind-numbing paperwork none-the-less. You start to hate finding problems because of all the paperwork that diagnosing, fixing, and testing it will generate.

docrice

I work in a fast-paced, highly hands-on Network Operations team as the Network Security Engineer, and I'll tell you that there's plenty of documentation work involved. Plenty. I also lend a hand on some of the system-side of things and that gets quite involved as well.